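<cfscript>
// Consume the SAML Response that the identity provider (IdP) POSTs back to us.
//
// Implicit inputs:
//   form.SAMLResponse                  base64-encoded <samlp:Response> XML from the IdP
//   request.company.getCertificate()   the IdP signing certificate, PEM-armoured
// Page-scope outputs read by the markup below:
//   samlResponse   com.onelogin.saml.Response loaded with the decoded XML
//   xmlString      the decoded XML as text (shown in the debug panel)
//   validResponse  true only when the signature AND the validity window both pass
//   saml / verify  services.saml instance and the packet it built from xmlString

// Fail early and explicitly when the IdP parameter is absent or blank; the
// original code would have died later on an undefined-variable error instead.
if (!structKeyExists(form, "SAMLResponse") || !len(trim(form.SAMLResponse))) {
    throw(type="SAML.MissingResponse", message="No SAMLResponse parameter was posted.");
}

// Account-specific settings: the toolkit wants the bare base64 body of the
// certificate, so strip the PEM header/footer lines.
accountSettings = createObject("java", "com.onelogin.AccountSettings");
accountSettings.setCertificate(
    reReplace(request.company.getCertificate(), "-----BEGIN CERTIFICATE-----|-----END CERTIFICATE-----", "", "all")
);

samlResponse = createObject("java", "com.onelogin.saml.Response").init(accountSettings);

// samlResponse.loadXmlFromBase64(trim(form.SAMLResponse)) throws in this
// environment, so decode with commons-codec and hand the toolkit raw XML.
// SAML XML is UTF-8 on the wire; decode with that charset explicitly instead
// of toString(), which falls back to the platform/JVM default.
b64Coded = createObject("java", "org.apache.commons.codec.binary.Base64");
xmlString = charsetEncode(b64Coded.decode(trim(form.SAMLResponse)), "utf-8");

// Attacker-controlled XML is parsed here. Whether external entities (XXE) are
// disabled is decided inside com.onelogin.saml, not on this page --
// TODO(review): confirm for the deployed toolkit version.
samlResponse.loadXml(xmlString);

// isValid() checks the XML signature against the configured certificate: it
// proves the document came from the IdP, nothing about freshness or audience.
validResponse = samlResponse.isValid();

// Enforce the assertion's validity window ourselves.
// NOTE(review): services.saml parses xmlString a second time, independently of
// the toolkit. Its NotBefore/NotOnOrAfter are only meaningful if they are read
// from the same signed assertion the toolkit verified -- confirm it does not
// pick up a second, unsigned <Conditions> element elsewhere in the document.
// Still unchecked anywhere on this page: AudienceRestriction, Destination /
// Recipient, InResponseTo (replay of a captured response) and one-time use of
// the assertion ID. A production consumer needs all of them before trusting
// the NameID.
if (validResponse) {
    saml = new services.saml();
    verify = saml.buildPacket(xmlString);
    validResponse = verify.verified.NotBefore && verify.verified.notOnOrAfter;
}
</cfscript>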
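<!--- DEBUG PURPOSES: this page echoes the decoded response, the NameID and every
      asserted attribute back to the browser so the flow can be exercised by hand.
      A production consumer must not render the assertion to the client. --->
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <title>SAML Login - One Login</title>
  <link rel="shortcut icon" type="image/png" href="/favicon.png">
  <!--- Explicit https rather than protocol-relative URLs. TODO(review): pin each
        third-party stylesheet with integrity="sha384-..." crossorigin="anonymous"
        so a compromised CDN cannot alter this page. --->
  <link rel="stylesheet" href="https://netdna.bootstrapcdn.com/bootstrap/3.1.1/css/bootstrap.min.css">
  <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.1.0/css/font-awesome.min.css">
  <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700">
  <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Source+Code+Pro">
  <link rel="stylesheet" href="/includes/css/theme.css">
</head>
<body>
<!--- Verify the signature once; each isValid() call re-runs the check. --->
<cfset signatureValid = samlResponse.isValid()>
<cfoutput>
<div class="container">
  <div class="row">
    <div class="col-xs-10">
      <cfif validResponse>
        <div class="alert alert-success alert-block">
          <p>
            This is a good response. At this point you would look up the NameID (email) we
            received as a user in the database. If the user is not in the database you can opt
            to crawl the values returned in the XML and create a user on the fly.
          </p>
          <!--- "EST" is a display label only. SAML timestamps are UTC on the wire;
                whether services.saml converts them to local time is not visible
                here -- TODO(review): confirm before relying on the label. --->
          <p>
            This request is valid until
            <strong>#dateTimeFormat(verify.conditions.notOnOrAfter, "mm/dd/yyyy hh:nn aa")# EST</strong>.
            Since we are still in a <strong>POST</strong> state, you can hit refresh after the time
            specified to see the request invalidate.
          </p>
        </div>
      <cfelse>
        <div class="alert alert-danger alert-block">
          This is not a valid response; review below to see why it failed.
        </div>
      </cfif>
    </div>
    <div class="col-xs-2">
      <a href="/" class="btn btn-default">Return to Initiator Page</a>
    </div>
  </div>
  <table class="table">
    <colgroup>
      <col width="280">
    </colgroup>
    <tr>
      <th>Is response valid (certificate check)</th>
      <td>
        <cfif signatureValid>
          <strong class="text-success"><span class="glyphicon glyphicon-ok"></span> Passed</strong>
        <cfelse>
          <strong class="text-danger"><span class="glyphicon glyphicon-remove"></span> Failed</strong>
        </cfif>
      </td>
    </tr>
    <cfif signatureValid>
      <tr>
        <th>The user to check on our end is</th>
        <!--- NameID originates from the IdP's XML, not from us: HTML-encode it
              like every other value we reflect. --->
        <td>#encodeForHTML(samlResponse.getNameId())#</td>
      </tr>
      <tr>
        <th>The conditions of this request are</th>
        <td>
          <dl>
            <dt>Not Before</dt>
            <dd>
              #dateTimeFormat(verify.conditions.notBefore, "mm/dd/yyyy hh:nn aa")# EST
              <cfif verify.verified.NotBefore>
                <strong class="text-success"><span class="glyphicon glyphicon-ok"></span> Passed</strong>
              <cfelse>
                <strong class="text-danger"><span class="glyphicon glyphicon-remove"></span> Failed</strong>
              </cfif>
            </dd>
            <dt>Not On Or After</dt>
            <dd>
              #dateTimeFormat(verify.conditions.notOnOrAfter, "mm/dd/yyyy hh:nn aa")# EST
              <cfif verify.verified.notOnOrAfter>
                <strong class="text-success"><span class="glyphicon glyphicon-ok"></span> Passed</strong>
              <cfelse>
                <strong class="text-danger"><span class="glyphicon glyphicon-remove"></span> Failed</strong>
              </cfif>
            </dd>
          </dl>
        </td>
      </tr>
      <tr>
        <th>The attributes of this user returned are</th>
        <!--- Debug only: cfdump exposes every attribute the IdP asserted. --->
        <td><cfdump var="#saml.getAttributes()#"></td>
      </tr>
    </cfif>
  </table>
  <!--- Raw response for troubleshooting; encoded, with a line break before each
        saml/ds element so the structure is readable. --->
  <div class="well">
    <pre>#encodeForHTML(reReplace(xmlString, "(<saml|<ds)", chr(10) & "\1", "ALL"))#</pre>
  </div>
</div>
</cfoutput>
</body>
</html>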